Vinta's High Quality Software Standards
- Distributed Version Control (like Git)
- Clear README instructions covering:
- Project setup
- Setup common issues
- Development
- Tests
- Deployment
- Commands
- Periodic jobs
- Integrations
- System Documentation:
- Complex business rules
- Nontrivial design decisions
- Known shortcomings
- Third-party integrations documentation
- Easy onboarding process (eg. Vinta's Playbook - Developer Onboarding)
- Loosely coupled architecture. More details
- Configuration stored in environment. More details
- Logging standards facilitating search and protecting user data:
- Logs are prefixed according to task/feature
- No sensitive data is being logged
- Small batches of work
- Continuous testing (i.e., the process of executing automated tests as part of the software delivery pipeline)
- Continuous integration
- Code coverage above 80%
- Code review standards, including frequent small PRs. More details here and here
- Safe automated deployment pipeline, including protected Master branches
- Deployment frequency between one day and one week
- Lead time for changes between one day and one week (i.e., how long it takes to go from code committed to code running in production)
- Time to restore service is less than one day
- Change failure rate between 0-15%
- High availability
- Error tracking tools (eg. Sentry)
- Monitoring tools (eg. New Relic, Librato)
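The two logging rules above (prefix every line with its task/feature, never log sensitive data) are easiest to enforce in one place rather than at every call site. The following is an added example, not Vinta's own code: a `logging.Filter` that tags each record with a `feature` attribute and redacts values attached to sensitive keys, both in the rendered message and in any structured `payload` passed via `extra=`. The key list, the `feature`/`payload` attribute names and the sample messages are assumptions for this example.

```python
import logging
import re

# Keys whose values must never appear in a log line.
# Assumed starting list for this example; extend it per project.
SENSITIVE_KEYS = ("password", "token", "secret", "authorization", "credit_card", "ssn")
REDACTED = "[REDACTED]"

# Matches `key=value`, `key: value` and JSON-style `"key": "value"` for the keys above.
# The leading \w* also catches compound names such as access_token or db_password.
# A Bearer/Basic prefix is swallowed so "Authorization: Bearer <jwt>" does not leak the JWT.
_KV_RE = re.compile(
    r"(?P<key>\w*(?:" + "|".join(SENSITIVE_KEYS) + r")\b)"
    r"(?P<sep>[\"']?\s*[=:]\s*[\"']?)"
    r"(?P<val>(?:Bearer\s+|Basic\s+)?[^\s,\"'}]+)",
    re.IGNORECASE,
)


def redact(text: str) -> str:
    """Replace the value attached to every sensitive key in free-form text."""
    return _KV_RE.sub(lambda m: f"{m.group('key')}{m.group('sep')}{REDACTED}", text)


def scrub(value):
    """Recursively redact sensitive keys in structured data attached to a record."""
    if isinstance(value, dict):
        return {
            k: (REDACTED if any(s in k.lower() for s in SENSITIVE_KEYS) else scrub(v))
            for k, v in value.items()
        }
    if isinstance(value, (list, tuple)):
        return type(value)(scrub(v) for v in value)
    if isinstance(value, str):
        return redact(value)
    return value


class FeaturePrefixRedactingFilter(logging.Filter):
    """Prefix each record with its task/feature tag and strip sensitive data before it is emitted."""

    def __init__(self, default_feature: str = "app"):
        super().__init__()
        self.default_feature = default_feature

    def filter(self, record: logging.LogRecord) -> bool:
        feature = getattr(record, "feature", self.default_feature)
        # Render %-style args first so their values are redacted too, then freeze the message.
        record.msg = f"[{feature}] {redact(record.getMessage())}"
        record.args = ()
        if hasattr(record, "payload"):
            record.payload = scrub(record.payload)
        return True


def format_record(feature: str, msg: str, *args, payload=None) -> str:
    """Build a record carrying extra={'feature', 'payload'}, run the filter, return the final line."""
    logger = logging.getLogger("vinta.demo")
    record = logger.makeRecord(
        logger.name, logging.INFO, "demo.py", 0, msg, args, None,
        extra={"feature": feature, "payload": payload},
    )
    FeaturePrefixRedactingFilter().filter(record)
    return logging.Formatter("%(levelname)s %(message)s").format(record)


if __name__ == "__main__":
    # Constructed sample: the filter is attached to the handler, so every logger is covered.
    handler = logging.StreamHandler()
    handler.addFilter(FeaturePrefixRedactingFilter())
    logging.basicConfig(level=logging.INFO, handlers=[handler], format="%(levelname)s %(message)s")
    log = logging.getLogger("vinta.demo")
    log.info("login failed password=hunter2 for user=%s", "alice", extra={"feature": "auth"})
    log.info('outbound headers {"Authorization": "Bearer eyJ.abc"}', extra={"feature": "billing"})
```

Attach the filter to the handler (as in the `__main__` block) rather than to individual loggers, otherwise a logger created by a third-party library bypasses it. Redaction by regex is a safety net, not a substitute for not passing secrets to `log.*` in the first place.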
- Security:
- Destructive actions prompt confirmations
- Follows the principle of least privilege: deny access to resources and actions by default, and allowlist only what a role actually needs
- Has static code analyzers to find security flaws (eg: eslint-plugin-security, eslint-plugin-react)
- Has dependency vulnerability checkers in place (eg: Python safety, npm audit)
- Promotes privacy and raises awareness of it among users and stakeholders
- Development, staging and production environments kept as similar as possible, while protecting user data by anonymizing any production data copied into non-production environments. More details
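The "destructive actions prompt confirmations" and "least privilege" items above fit together in one authorization check. The following is an added example, not Vinta's own code: a deny-by-default policy expressed as an allowlist of `(role, resource, action)` grants, with destructive actions additionally requiring an explicit confirmation flag. Permission is checked before confirmation so an unauthorized caller is simply denied and never learns that a confirmation step exists. The role names, resource names and the list of destructive actions are assumptions for this example.

```python
from dataclasses import dataclass


class PermissionDenied(Exception):
    pass


class ConfirmationRequired(Exception):
    pass


# Actions that change or destroy data; these need explicit confirmation on top of permission.
# Assumed classification for this example.
DESTRUCTIVE_ACTIONS = frozenset({"delete", "purge", "reset"})


@dataclass(frozen=True)
class Policy:
    """Allowlist of (role, resource, action) grants. Anything absent is denied."""
    grants: frozenset

    def allows(self, roles, resource, action) -> bool:
        # Deny by default: only an explicit grant for one of the caller's roles passes.
        return any((role, resource, action) in self.grants for role in roles)


def authorize(policy: Policy, roles, resource: str, action: str, confirmed: bool = False) -> bool:
    """Return True when the action may proceed; raise otherwise."""
    if not policy.allows(roles, resource, action):
        raise PermissionDenied(f"{action} on {resource} not allowed for roles {sorted(roles)}")
    if action in DESTRUCTIVE_ACTIONS and not confirmed:
        raise ConfirmationRequired(f"{action} on {resource} requires explicit confirmation")
    return True


def decision(policy: Policy, roles, resource: str, action: str, confirmed: bool = False) -> str:
    """Same check as a string outcome for callers that prefer not to handle exceptions."""
    try:
        authorize(policy, roles, resource, action, confirmed)
        return "allowed"
    except PermissionDenied:
        return "denied"
    except ConfirmationRequired:
        return "confirm"


# Constructed policy: support may read invoices; billing may also update and delete them.
POLICY = Policy(frozenset({
    ("support", "invoice", "read"),
    ("billing", "invoice", "read"),
    ("billing", "invoice", "update"),
    ("billing", "invoice", "delete"),
}))


if __name__ == "__main__":
    for roles, action, confirmed in [({"support"}, "read", False),
                                     ({"support"}, "delete", True),
                                     ({"billing"}, "delete", False),
                                     ({"billing"}, "delete", True),
                                     ({"admin"}, "read", False)]:
        print(sorted(roles), action, confirmed, "->", decision(POLICY, roles, "invoice", action, confirmed))
```

Note that an unknown role ("admin") and an unlisted action ("export") are both denied without any special casing: that is the point of keeping the policy as an allowlist rather than a blocklist.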
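For the last item, keeping staging close to production usually means refreshing it from a production dump, and that dump must be anonymized before it leaves production. The following is an added example, not Vinta's own code: a keyed, deterministic pseudonymization of direct identifiers using HMAC-SHA256, so the same email maps to the same fake address in every table (foreign-key style joins on it still work) while the mapping cannot be reversed or precomputed without the key. Fields that have no business in staging at all (password hashes, government IDs, card numbers) are dropped rather than transformed. The field naming rules, the drop list and the sample rows are assumptions for this example.

```python
import hashlib
import hmac

# Fields that are never copied to non-production environments. Assumed list for this example.
DROP_FIELDS = frozenset({"password_hash", "ssn", "credit_card"})


def pseudonym(key: bytes, kind: str, value: str, length: int = 12) -> str:
    """Keyed, deterministic pseudonym: same (kind, value) -> same output under the same key.

    The kind is mixed in so an email and a name with the same text do not collide,
    and the value is normalized so "Ana@Corp" and "ana@corp" stay joinable.
    """
    msg = f"{kind}:{value.strip().lower()}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:length]


def anonymize_row(row: dict, key: bytes) -> dict:
    """Return a copy of one record with identifiers replaced and forbidden fields removed."""
    out = {}
    for name, value in row.items():
        if name in DROP_FIELDS:
            continue  # secrets and government IDs are not copied at all
        if not isinstance(value, str):
            out[name] = value  # ids, amounts, flags and timestamps are kept as-is
        elif name.endswith("email"):
            out[name] = f"user-{pseudonym(key, 'email', value)}@example.invalid"
        elif name.endswith("name"):
            out[name] = f"User {pseudonym(key, 'name', value, 8)}"
        elif name.endswith("phone"):
            # Derive a fake but stable number from the pseudonym; +1555 numbers are fictional.
            digits = int(pseudonym(key, "phone", value, 16), 16) % 10**7
            out[name] = f"+1555{digits:07d}"
        else:
            out[name] = value
    return out


def anonymize_rows(rows: list, key: bytes) -> list:
    return [anonymize_row(row, key) for row in rows]


# Constructed sample data standing in for two production tables.
USERS = [
    {"id": 1, "email": "Ana@corp.example", "full_name": "Ana Lima",
     "phone": "+55 81 99999-0000", "password_hash": "$2b$12$notreal", "plan": "pro"},
    {"id": 2, "email": "bob@corp.example", "full_name": "Bob Reis",
     "phone": "+55 81 98888-1111", "password_hash": "$2b$12$alsonotreal", "plan": "free"},
]
ORDERS = [
    {"id": 10, "customer_email": "ana@corp.example", "total": 99.9},
    {"id": 11, "customer_email": "bob@corp.example", "total": 10.0},
]


if __name__ == "__main__":
    # The key is a per-refresh secret held only by the job that produces the dump; never commit it.
    key = b"constructed-example-key-rotate-per-refresh"
    for row in anonymize_rows(USERS, key) + anonymize_rows(ORDERS, key):
        print(row)
```

Rotating the key on every refresh means pseudonyms from two different staging dumps cannot be linked to each other either. Free-text columns (support notes, addresses) are not covered by a field-name rule and need their own treatment before the dump is considered safe.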